This action runs tflint with reviewdog on pull requests to enforce best practices.
By default, with reporter: github-pr-check an annotation is added to
the line:
With reporter: github-pr-review a comment is added to
the Pull Request Conversation:
Required. Must be in form of github_token: ${{ secrets.github_token }}.
Optional. Report level for reviewdog [info,warning,error].
It's same as -level flag of reviewdog.
The default is error.
Optional. Reporter of reviewdog command [github-pr-check,github-pr-review].
The default is github-pr-check.
Optional. Filtering for the reviewdog command [added,diff_context,file,nofilter].
The default is added.
See reviewdog documentation for filter mode for details.
Optional. If set to none, always use exit code 0 for reviewdog.
Otherwise, exit code 1 for reviewdog if it finds at least 1 issue with severity greater than or equal to the given level.
Possible values: [none, any, info, warning, error]
Default is none.
Deprecated, use fail_level instead.
Optional. Exit code for reviewdog when errors are found [true,false].
The default is false.
See reviewdog documentation for exit codes for details.
Optional. Directory to run the action on, from the repo root.
The default is . ( root of the repository).
Optional. The tflint version to install and use.
The default is latest.
Optional. Space separated, official (from the terraform-linters GitHub organization) tflint rulesets to install and use. If a pre-configured TFLINT_PLUGIN_DIR is set, rulesets are installed in that directory.
Default is `` (empty).
Optional. Whether to run tflint --init prior to linting (useful if you have a .tflint.hcl with some values in it).
The default is false.
Optional. The target dir for the tflint command. This is the directory passed to tflint as opposed to working_directory which is the directory the command is executed from.
The default is ..
Optional. Config file name for tflint.
The default is .tflint.hcl
Optional. List of arguments to send to tflint.
For the output to be parsable by reviewdog --format=checkstyle is enforced.
The default is --call-module-type=all.
The tflint command return code.
The reviewdog command return code.
name: reviewdog
on: [pull_request]
jobs:
tflint:
name: runner / tflint
runs-on: ubuntu-latest
steps:
- name: Clone repo
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
# Install latest Terraform manually as
# Docker-based GitHub Actions are
# slow due to lack of caching
# Note: Terraform is not needed for tflint
- name: Install Terraform
run: |
brew install terraform
# Run init to get module code to be able to use `--call-module-type=all`
- name: Terraform init
run: |
terraform init
# Minimal example
- name: tflint
uses: reviewdog/action-tflint@41b4770c9d9e50741c20e431986b33124a07ca52 # v1.24.2
with:
github_token: ${{ secrets.github_token }}
# More complex example
- name: tflint
uses: reviewdog/action-tflint@41b4770c9d9e50741c20e431986b33124a07ca52 # v1.24.2
with:
github_token: ${{ secrets.github_token }}
working_directory: "testdata" # Optional. Change working directory
reporter: github-pr-review # Optional. Change reporter
fail_level: "any" # Optional. Fail action if it finds at least 1 issue with severity greater than or equal to the given level.
filter_mode: "nofilter" # Optional. Check all files, not just the diff
tflint_version: "v0.24.0" # Optional. Custom version, instead of latest
tflint_rulesets: "azurerm google" # Optional. Extra official rulesets to install
flags: "--call-module-type=all" # Optional. Add custom tflint flagsYou can bump version on merging Pull Requests with specific labels (bump:major,bump:minor,bump:patch). Pushing tag manually by yourself also work.
This action updates major/minor release tags on a tag push. e.g. Update v1 and v1.2 tag when released v1.2.3. ref: https://help.github.com/en/articles/about-actions#versioning-your-action
This reviewdog action template itself is integrated with reviewdog to run lints which is useful for Docker container based actions.
Supported linters: